Command injection in CLI

Monitor | CVSS 6.1 | FG-IR-26-131 | May 12, 2026
Fortinet
IT in OT - Fortinet products are commonly deployed at IT/OT network boundaries
Attack path
  • Attack Vector: Local
  • Auth Required: High
  • Complexity: Low
  • User Interaction: None needed
Summary

A command injection vulnerability in the CLI of FortiAP, FortiAP-U, and FortiAP-W2 access points stems from improper sanitization of shell metacharacters in command parameters. An authenticated attacker holding administrator credentials can inject and execute arbitrary OS commands on the affected device.

What this means
What could happen
An attacker with high-privilege credentials on a FortiAP access point could inject arbitrary commands into the CLI and execute them with elevated privileges, gaining full control of the access point and, through it, a foothold in the wireless infrastructure it serves.
Who's at risk
Network administrators responsible for Fortinet wireless access point infrastructure, specifically FortiAP, FortiAP-U, and FortiAP-W2 series access points used in enterprise and campus networks for Wi-Fi connectivity.
How it could be exploited
An attacker with administrative credentials logs into the FortiAP CLI and supplies specially crafted input to a command parameter whose handler fails to sanitize shell metacharacters. The handler passes the parameter to the underlying OS shell, which executes the injected command in the context of the authenticated session, yielding arbitrary system command execution on the access point.
Prerequisites
  • Valid administrator or high-privilege user credentials on the FortiAP
  • Access to FortiAP CLI interface (local console, SSH, or Telnet)
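The vulnerability class described above, shown as a constructed example rather than FortiAP firmware code: a CLI handler that hands a user-supplied parameter to the shell, beside an argv-only variant and a hardened handler that validates against an allowlist. The "diagnostic" tool is a stand-in `echo` so the example is side-effect free; the function names, the regex and the sample inputs are all assumptions of this illustration.

```python
"""Command-injection pattern and its fix, as a constructed illustration.
Not FortiAP code: `echo` stands in for a privileged diagnostic tool."""
import re
import subprocess

# Stand-in for a privileged diagnostic binary (e.g. a ping/traceroute wrapper).
DIAG_TOOL = "echo"

# Allowlist for a hostname/IPv4 parameter: must start with a letter or digit
# (so it can never be parsed as an option like "-f"), then letters, digits,
# dots or hyphens. Shell metacharacters (; | & ` $ newline space ...) never match.
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def diag_vulnerable(host: str) -> str:
    """Vulnerable pattern: one shell string handed to /bin/sh.
    Metacharacters inside `host` are interpreted by the shell."""
    cmd = f"{DIAG_TOOL} diag {host}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def diag_argv_only(host: str) -> str:
    """Partial fix: exec with an argv list, no shell. The parameter reaches the
    tool as literal text, so a ';' no longer splits commands. Option injection
    (a value beginning with '-') is still possible without validation."""
    result = subprocess.run([DIAG_TOOL, "diag", host],
                            capture_output=True, text=True)
    return result.stdout


def is_safe_param(host: str) -> bool:
    """Allowlist check applied before the parameter is used at all."""
    return HOST_RE.fullmatch(host) is not None


def diag_hardened(host: str) -> str:
    """Hardened pattern: allowlist validation, then argv exec without a shell."""
    if not is_safe_param(host):
        raise ValueError(f"rejected parameter: {host!r}")
    result = subprocess.run([DIAG_TOOL, "diag", host],
                            capture_output=True, text=True)
    return result.stdout


def injected_command_ran(output: str, marker: str = "INJECTED") -> bool:
    """True if `marker` appears as its own output line, i.e. a second command
    executed instead of the text being passed through literally."""
    return any(line.strip() == marker for line in output.splitlines())


if __name__ == "__main__":
    benign = "192.0.2.1"
    hostile = "192.0.2.1; echo INJECTED"   # constructed attacker input
    print("vulnerable, benign :", repr(diag_vulnerable(benign)))
    print("vulnerable, hostile:", repr(diag_vulnerable(hostile)))   # two commands ran
    print("argv only, hostile :", repr(diag_argv_only(hostile)))    # literal text
    print("hardened, benign   :", repr(diag_hardened(benign)))
    try:
        diag_hardened(hostile)
    except ValueError as exc:
        print("hardened, hostile  :", exc)
```

The argv form alone neutralises shell metacharacters, but it does not stop a parameter such as `-f` from being read as an option by the tool itself, which is why the hardened handler rejects anything outside the allowlist before it touches the command line.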
Tags: requires high-privilege credentials · low complexity attack · affects network infrastructure · some product lines have no patch available
Exploitability
Unlikely to be exploited — EPSS score 0.0%. EPSS estimates the probability of in-the-wild exploitation over the next 30 days, not impact; a near-zero score is expected for a post-authentication bug and does not reduce the consequences once an administrator credential is misused or stolen.
Affected products (10)
10 with fix

Product      Affected Versions    Fix Status
FortiAP      7.6.0 - 7.6.2        7.6.3+
FortiAP      7.4.0 - 7.4.5        7.4.6+
FortiAP      7.2 all versions     Migrate to fixed release
FortiAP      7.0 all versions     Migrate to fixed release
FortiAP      6.4 all versions     Migrate to fixed release
FortiAP-U    7.0.0 - 7.0.5        7.6.3+
FortiAP-U    6.2 all versions     7.6.3+
FortiAP-W2   7.4.0 - 7.4.4        7.6.3+
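A triage helper for the affected-version table above, added here as an example and not provided by the advisory publisher. The table rows are transcribed from this page; the version parsing, the `assess` function and the inventory lines are constructed for the illustration. Branches the table does not mention are reported as unlisted rather than as safe.

```python
"""Check an AP inventory against the advisory's affected-version table.
Constructed example; only the table rows come from the advisory."""
import re
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Row:
    model: str
    branch: Tuple[int, int]                  # (major, minor) release branch
    last_affected: Optional[Tuple[int, int, int]]  # None = entire branch affected
    action: str


# Transcribed from the "Affected products" table on this page.
ADVISORY_ROWS = [
    Row("FortiAP",    (7, 6), (7, 6, 2), "7.6.3+"),
    Row("FortiAP",    (7, 4), (7, 4, 5), "7.4.6+"),
    Row("FortiAP",    (7, 2), None,      "Migrate to fixed release"),
    Row("FortiAP",    (7, 0), None,      "Migrate to fixed release"),
    Row("FortiAP",    (6, 4), None,      "Migrate to fixed release"),
    Row("FortiAP-U",  (7, 0), (7, 0, 5), "7.6.3+"),
    Row("FortiAP-U",  (6, 2), None,      "7.6.3+"),
    Row("FortiAP-W2", (7, 4), (7, 4, 4), "7.6.3+"),
]

_VER_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Accept '7.4.5', 'v7.4.5' or '7.4.5,build0123' and return (7, 4, 5)."""
    m = _VER_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(model: str, version: str) -> dict:
    """Return affected status (True/False/None for unlisted) and the action."""
    ver = parse_version(version)
    for row in ADVISORY_ROWS:
        if row.model != model or row.branch != ver[:2]:
            continue
        affected = row.last_affected is None or ver <= row.last_affected
        return {
            "model": model, "version": version, "affected": affected,
            "action": row.action if affected
                      else "none (at or past the fixed build)",
        }
    return {
        "model": model, "version": version, "affected": None,
        "action": "branch not listed in this advisory; check the vendor PSIRT entry",
    }


def triage(inventory):
    """Assess a list of (model, version) pairs, e.g. exported from a controller."""
    return [assess(model, version) for model, version in inventory]


if __name__ == "__main__":
    # Constructed inventory lines, not real devices.
    inventory = [
        ("FortiAP", "7.4.5,build0123"),
        ("FortiAP", "7.6.3"),
        ("FortiAP", "7.2.4"),
        ("FortiAP-W2", "7.4.4"),
        ("FortiAP-U", "7.2.0"),
    ]
    for r in triage(inventory):
        print(f"{r['model']:<11} {r['version']:<16} affected={r['affected']!s:<5} {r['action']}")
```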
Remediation & Mitigation

Do now

FortiAP
  • WORKAROUND: Restrict CLI access to the FortiAP to authorized administrators only, and disable remote CLI access (SSH/Telnet) where it is not required
  • HARDENING: Review and enforce strong, unique passwords for all FortiAP administrative accounts; the flaw is only reachable with a valid high-privilege login, so credential hygiene is the primary control until the fix is applied
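The workaround above expressed as FortiOS wireless-controller configuration, added here as an example and not taken from the advisory. It assumes the access points are managed by a FortiGate wireless controller, uses a placeholder profile name, and the `#` lines are annotations rather than CLI input; confirm the `allowaccess` and `login-passwd` option names against the FortiOS CLI reference for the controller's own version before applying.

```text
# Weak: the AP's own management plane is reachable over Telnet and SSH
config wireless-controller wtp-profile
    edit "FAP-default"
        set allowaccess telnet ssh https
    next
end

# Hardened: no Telnet, SSH only if it is actually needed (dropped here),
# and a unique login password for the AP instead of the default
config wireless-controller wtp-profile
    edit "FAP-default"
        set allowaccess https
        set login-passwd-change yes
        set login-passwd <strong-unique-password>
    next
end
```

Re-adding `ssh` to `allowaccess` for a troubleshooting window and removing it afterwards keeps the CLI closed by default, which is the state the advisory's workaround asks for.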
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

FortiAP
  • HOTFIX: Update FortiAP 7.6.x to version 7.6.3 or later
  • HOTFIX: Update FortiAP 7.4.x to version 7.4.6 or later
  • HOTFIX: Migrate FortiAP 7.2, 7.0, and 6.4 to supported fixed releases (7.6.3+ or 7.4.6+)
  • HOTFIX: Update FortiAP-U (7.0.x, 6.2.x) and FortiAP-W2 (7.4.x) to the fix release listed in the affected products table (7.6.3+)
API: /api/v1/advisories/b765b9a4-fcf8-4ce0-93f1-2b9dfeba5e43
